Tavve zoneranger User Manual page 92

The primary advantage of GVI and RGVI is that the existence of the TCP proxy is completely
transparent to the management application. Common routing mechanisms within the underlying
operating system are used to intercept traffic bound for devices in firewall-partitioned networks, so
there is no need to modify or reconfigure the management application in any way. Another
advantage is that the same mechanism can be used for other proxy services, such as ICMP proxy, or
SNMP proxy.
SOCKS
SOCKS is a standard protocol for generic TCP and UDP proxy services that can be used to redirect
management traffic from the management application to a SOCKS server integrated within the
Ranger Gateway. In order to use SOCKS, either the management application must include built-in
support for SOCKS, or generic SOCKS "shim" software must be installed on the management
application server. The shim software inserts itself between the management application and the
server's TCP/IP stack, and redirects traffic for specified IP addresses and ports to a SOCKS server,
based on configuration information.
In order to access a managed device through TCP proxy, a SOCKS-aware web browser initially
establishes a TCP connection to the SOCKS port (by default, 4855) on the Ranger Gateway. After
this connection is established, the client application sends a SOCKS connection request to the
Ranger Gateway, indicating the managed device and port to which the client would like to connect.
The SOCKS server on the Ranger Gateway checks the Proxy Access Control configuration to verify
that the request should be allowed, then consults the Proxy Map service to identify a ZoneRanger
that is able to proxy traffic to the target device, and to translate the target address, if necessary. The
request is then forwarded to the selected ZoneRanger, which attempts to connect to the target
device. If this connection is successfully established, the ZoneRanger notifies the Ranger Gateway,
which in turn notifies the management application.
From this point, the Ranger Gateway and selected ZoneRanger simply relay data between the client
application's TCP connection to the Ranger Gateway and the ZoneRanger's TCP connection to the
target device. The Ranger Gateway and ZoneRanger continue to relay data until one of the
connections is disconnected.
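
The decision sequence described above (access-control check, then Proxy Map lookup and address translation), modelled as an added example that is not Tavve's code or part of the original manual. It assumes SOCKS version 5 framing (RFC 1928) with the method-negotiation greeting already completed; the manual does not state the version, and the `ACCESS_CONTROL` and `PROXY_MAP` structures, the name `zr-dmz-1` and all addresses are hypothetical.

```python
import ipaddress
import struct

# Constructed sample policy; hypothetical stand-ins for the gateway's configuration.
ACCESS_CONTROL = [  # (client network, target network, target port) that may be proxied
    ("10.1.0.0/24", "192.168.50.0/24", 443),
    ("10.1.0.0/24", "192.168.60.0/24", 443),
]
PROXY_MAP = [  # (target network, ZoneRanger that reaches it, network it translates to)
    ("192.168.50.0/24", "zr-dmz-1", "172.16.0.0/24"),
]

# SOCKS5 reply codes from RFC 1928, section 6.
SUCCEEDED, GENERAL_FAILURE, NOT_ALLOWED, HOST_UNREACHABLE = 0x00, 0x01, 0x02, 0x04


def parse_connect(request: bytes):
    """Parse a SOCKS5 CONNECT request that carries an IPv4 target."""
    if len(request) != 10 or tuple(request[:4]) != (5, 1, 0, 1):
        raise ValueError("not a SOCKS5 IPv4 CONNECT request")
    target = ipaddress.IPv4Address(request[4:8])
    (port,) = struct.unpack("!H", request[8:10])
    return target, port


def decide(client_ip: str, request: bytes):
    """Return (reply code, forwarding decision); the decision is None on refusal."""
    try:
        target, port = parse_connect(request)
    except ValueError:
        return GENERAL_FAILURE, None
    client = ipaddress.ip_address(client_ip)
    # Step 1: access control is checked before any ZoneRanger is contacted.
    if not any(client in ipaddress.ip_network(c) and target in ipaddress.ip_network(t)
               and port == p for c, t, p in ACCESS_CONTROL):
        return NOT_ALLOWED, None
    # Step 2: find a ZoneRanger for the target and translate the address.
    for net, ranger, translated_net in PROXY_MAP:
        net = ipaddress.ip_network(net)
        if target in net:
            offset = int(target) - int(net.network_address)
            translated = ipaddress.ip_network(translated_net).network_address + offset
            # SUCCEEDED is sent only after the ZoneRanger reports the target connection is up.
            return SUCCEEDED, (ranger, str(translated), port)
    return HOST_UNREACHABLE, None


# Constructed request: CONNECT to 192.168.50.10 port 443.
SAMPLE_REQUEST = bytes([5, 1, 0, 1, 192, 168, 50, 10]) + struct.pack("!H", 443)
print(decide("10.1.0.7", SAMPLE_REQUEST))
```

A request that passes access control but has no Proxy Map entry is refused rather than forwarded, which is the case to check when auditing a map against the access rules.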
Most web browsers support the SOCKS protocol. If a SOCKS-enabled web browser is not
available, you can use SOCKS "shim" software, which effectively inserts itself between the client
application and the networking layer on the host where the client application is running, and
redirects connection requests to a configured SOCKS server.
ZoneRanger 5.5 User's Guide
92
